[cryptography] DKIM: Who cares?
thierry.moreau at connotech.com
Fri Oct 26 08:02:10 EDT 2012
Peter Gutmann wrote:
> John Levine <johnl at iecc.com> writes:
>> Is there some point to speculating ...?
> Absolutely. ...
> ... so I'm
> assuming there was some business-case issue ...
> ... a security mechanism was deployed on a large scale ...
Let me speculate a moment.
The 384 bits keys are much more efficient than 768+ keys (see HIP
specifications first version which had a 384 bits DH prime for low-end
The business case is to avoid upgrading the e-mail servers merely
because you turn on DKIM (hitting a CPU horsepower limit).
Keep in mind that the RSA vs DSA spreads of CPU load between signer and
verifier are reversed (RSA signature is more CPU-intensive, DSA
verification is more CPU-intensive).
- Thierry Moreau
More information about the cryptography